Mastodon's flagship server suffers major DDoS attack, disrupting service

Severity: Medium (Score: 54.6)

Sources: Engadget, Technadu, Scworld, Techbuzz.Ai

Summary

Mastodon's flagship server, mastodon.social, experienced a severe DDoS attack on April 20, 2026, which temporarily rendered the site inaccessible to many users. The attack involved a flood of malicious web traffic that overwhelmed the server's infrastructure, leading to full-screen outage warnings for visitors. While the primary instance was affected, users on other Mastodon servers remained unaffected. Mastodon's head of communications confirmed that countermeasures were implemented, restoring access by 9:05 a.m. ET, although some instability persisted. This incident follows a similar DDoS attack on Bluesky, another decentralized social network, just days earlier, suggesting a potential pattern of targeting decentralized platforms. Security experts are monitoring the situation closely, as these attacks could indicate broader threats to the federated social media ecosystem. The attack highlights the vulnerabilities inherent in decentralized networks, particularly their reliance on key servers like mastodon.social. Key Points: • Mastodon's flagship server was hit by a DDoS attack on April 20, 2026. • The attack caused significant service disruption, but other instances remained operational. • This incident follows a similar attack on Bluesky, indicating a potential trend against decentralized platforms.

Key Entities

• DDoS (attack_type)
• Operation PowerOFF (campaign)
• Bluesky (platform)
• AT Protocol (platform)
• Mastodon (company)
• Rostelecom (company)
• Mossad (company)
• Russia (country)
• Aisuru (malware)
• JackSkid (malware)
• Kimwolf (malware)